
Daily Open Source Infrastructure Report 

13 February 2014 



Top Stories 

• More than 350,000 customers across several southern States lost power February 12 due to 
a severe ice storm which also prompted 3,003 flight cancellations nationwide. - NBC News 
(See item 1) 

• A pipeline at Patriot Coal’s Kanawha Eagle Prep Plant near Winifrede, West Virginia, 
ruptured and released 108,000 gallons of coal slurry a Kanawha River tributary February 
11 .— Associated Press (See item 3 ) 

• Toyota announced a recall covering 2.1 million vehicles worldwide, including 973,000 in 
North America, for two software issues. - CNNMoney (See item 5 ) 

• Cloudflare confirmed February 10 that one of its customers was being targeted by a 
massive distributed denial of service (DDoS) attack that utilized Network Time Protocol 
(NTP) reflection, reaching over 400 gigabits per second. - Help Net Security (See item 21 ) 
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Energy Sector 



1. February 12, NBC News - (National) Bone-chilling: ‘Catastrophic’ winter blast 
wipes out power in south. More than 350,000 customers across several southern 
States lost power February 12 due to a severe ice storm which also prompted 3,003 
flight cancellations nationwide and 3,198 delayed flights. 

Source: http://www.nbcnews.com/storvline/deep-freeze/bone-chilling-catastrophic- 
winter-blast-wipes-out-power-south-n28156 

2. February 12, Pittsburgh Post-Gazette - (Pennsylvania) Green County shale well 
continues burning. A worker was still unaccounted for as a Chevron-owned Marcellus 
Shale natural gas well in Greene County, Pennsylvania, continued to burn February 12 
after a fire ignited at the well site February 1 1 . 

Source: http://www.post-gazette.com/local/south/2014/02/ll/Gas-well-explodes-in- 
southeastem-Greene-County/stories/20 14021 10126 

3. February 11, Associated Press - (West Virginia) W.Va. coal prep plant spills slurry 
into creek. A pipeline at Patriot Coal’s Kanawha Eagle Prep Plant near Winifrede 
ruptured and released 108,000 gallons of coal slurry into Fields Creek, a tributary of the 
Kanawha River, February 11. West Virginia American Water officials do not anticipate 
the slurry spill will affect public drinking water but believe environmental impacts 
could be severe. 

Source: http://www.timesunion.com/news/science/article/W-Va-coal-prep-plant-spills- 
slurrv-into-creek-5224726.php 

4. February 11, Chester County Daily Local News - (Pennsylvania) 2 stole from electric 
company, police say. A former office manager and accountant, and a former mechanic 
at Alfred J. Fry III, Inc., or Fry Electric were arrested the week of February 3 after an 
investigation determined they allegedly embezzled and stole about $150,000 from the 
West Goshen company through thefts of company-owned tools and misappropriated 
company funds. 

Source: http://www.dailylocal.com/general-news/20140211/2-stole-from-electric- 
company-police-say 

T Return to top i 

Chemical Industry Sector 

Nothing to report 
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Nuclear Reactors, Materials, and Waste Sector 

Nothing to report 
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Critical Manufacturing Sector 

5. February 12, CNNMoney - (International) Toyota recalls 2.1 million vehicles. Toyota 
announced a recall covering 2.1 million vehicles worldwide, including 973,000 in 
North America, for two software issues. 713,000 model year 2010-2014 Prius vehicles 
have a software issue that could result in higher thermal stress and a loss of power, 
while 260,000 model year 2012RAV4, 2012-2013 Tacoma, and 2012-2013 Lexus RX 
350 vehicles in the U.S. may experience loss of vehicle stability control, anti-lock 
braking, and traction control due to a second software issue. 

Source: http : //money . cnn . com/20 1 4/02/ 1 2/auto s/to yota- prius -recall/index . html 

6. February 12, U.S. Consumer Product Safety Commission - (International) Air 

compressors recalled by MAT Industries due to shock hazard. MAT Industries 
began a recall of about 107,000 HDX and Powermate 2-gallon air compressors sold in 
the U.S. and Canada due to the potential for the pressure switch terminals to come in 
contact with the motor housing, posing a shock hazard. 

Source: http://www.cpsc.gov/en/Recalls/2014/Air-Compressors-Recalled-by-MAT- 
Industries/ 

[ Return to top ] 



Defense Industrial Base Sector 



Nothing to report 
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Financial Services Sector 

7. February 12, Softpedia - (International) Bitstamp suspends Bitcoin withdrawals due 
to DOS attack. Bitcoin exchange service Bitstamp began suspending withdrawals 
while dealing with a denial of service (DoS) attack exploiting a transaction malleability 
issue. 

Source: http://news.softpedia.com/news/Bitstamp-Suspends-Bitcoin-Withdrawals-Due- 
to-DOS - Attack-426249 . shtml 

8. February 11, Softpedia - (International) Corkow trojan targets bank customers, 
Bitcoin owners and Android developers. Researchers at ESET have monitored the 
use of a modular banking trojan known as Corkow that can be fitted with additional 
capabilities and is able to steal keystrokes, screenshots, and inject phishing pages. The 
malware also appears to be targeting Android developers and the login credentials for 
Bitcoin Web sites. 

Source: http://news.softpedia.com/news/Corkow-Trojan-Targets-Bank-Customers- 
Bitcoin-Owners-and-Android-Developers-426Q56.shtml 
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9. February 11, U.S. Securities and Exchange Commission - (International) Two Hong 
Kong-based firms to pay $11 million for insider trading ahead of Nexen 
acquisition by company in China. Hong Kong-based firms OTIC Securities 
International Investment Management Limited and China Shenghai Investment 
Management Limited agreed to pay a combined $11 million to settle U.S. Securities 
and Exchange Commission charges that the companies engaged in insider trading 
ahead of the acquisition of Nexen by China-based CNOOC Limited. 

Source: http ://w w w. sec. go v/New s/Pres sRelease/Detail/Pres sRelease/ 13705 40775 561 
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Transportation Systems Sector 

10. February 12, Associated Press - (South Carolina) Transportation department 
working on SC roads. The South Carolina Department of Transportation closed the 
Ravenel Bridge linking Charleston and Mount Pleasant as a winter storm dropped 
snow, sleet, and freezing rain throughout the State while crews worked to treat 
roadways February 12. 

Source: http ://w w w . myrtlebeachonline . com/20 1 4/02/ 1 2/402 1191 /transportation- 
department- working.html 

11. February 12, Associated Press - (Mississippi; Louisiana) Crash shuts down 
Mississippi River 1-20 bridge in icy weather. The Mississippi River bridge on 
Interstate 20 in Vicksburg was shut down for several hours in both directions February 
12 after at least four semi-trucks were involved in an accident in which one of the 
vehicles began leaking an unidentified flammable fluid. 

Source: http://blog.gulflive.com/mississippi-press- 
news/20 14/02/crash shuts down mississippi r.html 

12. February 12, WCBS 2 New York City - (New York) NYC bus driver killed, 4 hurt 
after collision with box truck. One person was killed and four others were injured 
after an allegedly stolen box truck crashed into a New York City bus, causing both 
vehicles to run up on the sidewalk February 12. 

Source: http://newvork.cbslocal.com/2014/02/12/l-dead-after-nyc-bus-crash-in- 
greenwich-village/ 

For another story, see item 1 
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Food and Agriculture Sector 

13. February 11, Food Poisoning Bulletin - (National) Prime Snax recalls beef jerky for 
undeclared soy. The U.S. Department of Agriculture’s Food Safety and Inspection 
Service announced that Prime Snax recalled approximately 90,000 pound of beef jerky 
products due to misbranding and undeclared soy lecithin. The products were distributed 
to retailers nationwide. 



- 4 - 



Source: http://foodpoisoningbulletin.com/2014/prime-snax-recalls-beef-ierkv-for- 
undeclared-soy/ 



14. February 11, KCPQ 13 Seattle - (Washington) Whatcom County Applebee’s closed 
again following 2nd virus outbreak. The Whatcom County Health Department and 
restaurant management closed an Applebee’s restaurant February 1 1 due to a second 
possible Norovirus outbreak. The restaurant reopened February 9 after undergoing a 3- 
day extensive cleaning prompted by 12 workers that showed Norovirus symptoms. 
Source: http://ql3fox.corn/2014/02/ll/whatcom-countv-applebees-closed-following- 
virus-outbreak/ 
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Water and Wastewater Systems Sector 

15. February 12, Killeen Daily Herald - (Texas) Killeen to pay $30 million to build new 
water treatment plant. The Killeen City Council came to an agreement February 1 1 
with Bell County Water Control and Improvement District No. 1 on an amendment that 
will add 10 million gallons of treated water per day to the city’s water treatment plant 
on Stillhouse Hollow Lake after approving financing, design, and construction plans. 
The approved agreement will address the city’s growing need for water. 

Source: http://kdhnews.com/news/killeen-to-pav-million-to-build-new-water-treatment- 
plant/article 198596c4-93a6-l Ie3-b085-001a4bcf6878.html 

16. February 11, KING 5 Seattle - (Washington) Dept, of Ecology says Hood Canal oil 
spill 2,000 gallons. The Washington Department of Ecology is investigating a 2,000 
gallon oil spill February 1 1 on Hood Canal in Washington after the U.S. Navy stated 
that the transfer of oily bilge water onto a dock did not shut off when it was supposed 
to, causing the spill. 

Source: http://www.king5.com/news/environment/Ship-overboard-discharge-spill-at- 
Naval-Base-Kitsap-244965291.html 

For another story, see item 3 



T Return to top i 



Healthcare and Public Health Sector 

See item 18 
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Government Facilities Sector 

17. February 12, WMC 5 Memphis - (Tennessee) MDOT issues warning about icy 
roads, prompts more school closings. Icy road conditions caused by freezing rain led 
authorities to cancel classes across several school districts in Mississippi February 12. 
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Source: http://www.wmctv.com/story/24700663/mdot-warns-drivers-about-icv- 
bridges-in-n-mississippi 

18. February 12, WJBF 6 Augusta - (Georgia) Winter storm threat causing some CSRA 
school, government, business closings and delays. A severe winter storm prompted 
officials to preemptively close or issue delay notices for several schools, school 
systems, government offices, businesses, and medical facilities around the Central 
Savannah River Area in Georgia February 12. 

Source: http://www.wibf.com/storv/24692009/winter-storm-threat-causing-some-csra- 
school-closings-and-delays 

19. February 11, Knoxville News Sentinel - (Tennessee) Knox joins growing list of 
school closures ahead of ‘significant’ snow fall. A winter storm warning prompted 
officials to close schools across a number of Tennessee counties for February 12. 
Source: http://www.knoxnews.com/news/2014/feb/ll/to-close-or-not-east-tennessee- 
schools-weather/ 

20. February 11, Easton Express-Times - (Pennsylvania) Bethlehem Catholic High 
School bust pipe filled boiler room with 8 feet of water, spokesman says. 

Bethlehem Catholic High School in Pennsylvania remained closed until further notice 
February 1 1 after a burst water pipe cut water, electricity, and heat to the building 
February 10. 

Source: 

http://www.lehighvallevlive.com/bethlehem/index.ssf/2014/02/bethlehem catholic bur 
st pipe.html#incart river default 
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Emergency Services Sector 

Nothing to report 
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Information Technology Sector 

21. February 12, Help Net Security - (International) 400Gbps NTP-based DDoS attack 
hits Cloudflare. Cloudflare confirmed February 10 that one of its customers was being 
targeted by a massive distributed denial of service (DDoS) attack that utilized Network 
Time Protocol (NTP) reflection. The attack reached over 400 gigabits per second and 
misused over 4,500 NTP servers. 

Source: http://www.net-security.org/secworld.php?id=16350 

22. February 12, Softpedia - (International) Bitcoin-stealing Mac malware distributed 
via Download.com and MacUpdate. Researchers from SecureMac analyzed the 
CoinThief Bitcoin-stealing malware for OS X and found that it is being distributed 
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under various names on several legitimate Web sites, including MacUpdate and 
Download.com. 

Source: http://news.softpedia.com/news/Bitcoin-Stealing-Mac-Malware-Distributed- 
via-Download-com-and-MacUpdate-426284.shtml 

23. February 11, IDG News Service - (International) Microsoft addresses critical IE 
vulnerabilities for Patch Tuesday. Microsoft released its monthly Patch Tuesday 
round of patches February 11, including 7 bulletins, 4 of which were rated critical, 
closing a total of 31 vulnerabilities. 

Source: http://www.networkworld.com/news/2014/021 114-microsoft-addresses- 
critical-ie-vulnerabilities-278672.html 

24. February 11, Threatpost - (International) Adobe patches critical vulnerabilities in 
Shockwave. Adobe released a patch February 1 1 for its Shockwave Player, closing a 
critical vulnerability in the platform that could allow an attacker to remotely take 
control of an affected system. 

Source: http://threatpost.com/adobe-patches-critical-vulnerabilities-in- 
shockwave/ 1 04207 

25. February 11, Computerworld - (International) Windows XP isn’t the only software 
getting the knife in 8 weeks. Microsoft will cease support and no longer issue security 
updates for its Office 2003 and Exchange Server 2003 after April 8, the same date it 
will cease support for the Windows XP operating system. 

Source: http://www.networkworld.com/news/2014/021 114-windows-xp-isn39t-the- 
only-278675.html 

26. February 11, Help Net Security - (International) Older Flash Player vulnerability 
exploited in the wild. Researchers at Microsoft discovered several recent attacks 
exploiting a Flash Player vulnerability that was patched in November 2013, which 
attempts to install a trojan downloader on vulnerable computers. 

Source: http://www.net-securitv.org/secworld.php?id= 16343 

For another story, see item 8 

Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 

Nothing to report 
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Commercial Facilities Sector 

27. February 11, KCRG 9 Cedar Rapids - (Iowa) Fire damages Fairfield apartment 
complex. Seventeen people were displaced by a fire that broke out at the North Bay 
Apartments complex in Fairfield, Iowa, February 11. 

Source: http://www.kcrg.com/news/local/Fire-Damages-Fairfield-Apartment-Complex- 
244978151.html 

28. February 11, Tampa Bay Times - (Florida) Fire forces evacuation, closure of 
Brooksville Walmart. The Brooksville, Florida Walmart evacuated and temporarily 
closed February 1 1 after a fire broke out in a storage room at the store. Officials believe 
a floor buffer may have sparked the fire, which activated the overhead sprinklers. 
Source: http://www.tampabav.com/news/publicsafetv/fire/fire-forces-evacuation-of- 
brooks ville-walmart/2 165038 

29. February 11, St. Louis Post-Dispatch - (Missouri) Gas leak causes evacuation at 
Troy, Mo., Kroger store. Patrons and employees were evacuated from and operations 
temporarily closed at a two-story office building and a Kroger grocery store in Troy, 
Missouri, due to a gas leak at a shopping center that forced authorities to shut off gas 
and power services to the buildings February 11. 

Source: http://www.stltoday.com/news/local/stcharles/gas-leak-causes-evacuation-at- 
troy-mo-kroger-store/article 93c43b54-1776-5051-86aa-4e0cb26b57ad.html 

30. February 10, Topeka Capital- Journal - (Kansas) Fire engulfs Bentwood Place 
Apartments building in East Topeka. A fire erupted at the Bentwood Place 
Apartments in East Topeka February 10 and caused an estimated $275,000 in damage. 
Source: http://cionline.com/news/2014-02-10/fire-engulfs-bentwood-place-apartments- 
building-east-topeka 

31. February 10, Arkansas Democrat-Gazette - (Arkansas) Woman arrested in series of 
arsons at LR apartment complex. A suspect was arrested and charged for allegedly 
setting a series of arson fires at the Forest Place Apartment Complex in Little Rock 
between February and June 2013. Two firefighters were injured in the blazes and one 
fire caused an estimated $4 million in damage and displaced 130 residents. 

Source: http://www.arkansasonline.com/news/2014/feb/10/woman-arrested-series- 
arsons-lr-apartment-complex/?news-arkansas 

32. February 9, Buffalo News - (New York) One dead in Amherst apartment fire. 
Amherst, New York firefighters responded to an apartment fire and partial roof 
collapse that killed one resident and caused $1 million in damage to the eight-unit 
complex. 

Source: http://www.buffalonews.com/citv-region/police-blotter/one-dead-in-amherst- 
apartment-fire-20 140209 

For another story, see item 18 
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Dams Sector 



Nothing to report 
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Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 



About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] 
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily 
Open Source Infrastructure Report is archived for 10 days on the Department of Homeland Security Web site: 
http://www.dhs.gov/IPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US -CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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